With increasing privacy/data protection regulations, in particular the EU General Data Protection Regulation (GDPR), we have been working with ensuring GDPR compliance in many of areas, and the spring 2018 was a really busy period ensuring all our clients where compliant. Many of these are ERP customers, but actually GDPR compliance is also very relevant for Qlik Sense customers. Most customer think the following is true: “Achieving compliance comes really down to what data you have on your Qlik platform”
That’s just not right. It’s much more complex than that, the need for example to make sure you have a policy for your log files, internal log files contain user ID, these must be handled. Itelligence has a 6 step package that compliance, and some of these steps are even valid for client that use Qlik Sense without any customer data in the system!
Upsides and Solutions!
On the other hand we are thank full that we don’t have to handle a system of Excel files, which means governance would be impossible!
Since this is information valid for any Qlik customer, and we really want to make sure that Qlik customers don’t get caught violating GDPR, where are giving these valueble pointers to the community. In the current view of GDPR, having checked and documented the following 6 points should however be sufficient, to be technical compliant:
- Logfile Governance
- Deletion of Qlik Log files and randomisation of user data in Monitoring Apps
- Audit Log Adjustment to comply with reporting of access to sensitive data
- QVD & File Governance
- Deletion of QVD files to secure against dead files with sensitive data are disconnected from source refresh.
- Apps Governance
- Removal of data from unused and old Apps. Clear out apps that are not auto refreshed with data from GDPR compliant sources.
- Data Export
- Ensure that sensitive data does not end up in disconnected Excel sheets
- Directory Connector
- Check that directory connectors remove users in compliance with GDPR (the right to be forgotten).
- Document that covers decision points and topics that ensure compliance, and why a decision was made. This document can be used as Documentation in an Auditing scenario.
We are off course willing solve to the above on your behalf and ensure that you ask the right questions, but any person with legal background and GDPR understanding will know why the above is important. itelligence Principal Expert Jakob Hansen has in corporation with our GDPR department developed our GuideBook and we have the know how to ensure a technical compliant baseline and align with your internal policies. Please fill out the below form and add GDPR and Qlik in the inquiry text and we will get back to you.